By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Failed to pull and unpack image with status code [manifests v1.1]: 401 Unauthorized

0

Hi, I created an ec2 instance and installed microk8s. Now, I am trying to pull the image from ecr. I have attached IAM role to the ec2 instance with AmazonEC2ContainerRegistryReadOnly policy attached. I have also downloaded and configure iam-authenticator but still I am getting the following events

  Normal   Scheduled          32s                default-scheduler  Successfully assigned k8ssandra-operator/soap-deployment-5785fdcbb6-psvml to ip-192-168-81-119
  Normal   Pulling            18s (x2 over 32s)  kubelet            Pulling image "782534010321.dkr.ecr.eu-west-2.amazonaws.com/soap:v1.1"
  Warning  Failed             18s (x2 over 31s)  kubelet            Failed to pull image "782534010321.dkr.ecr.eu-west-2.amazonaws.com/soap:v1.1": rpc error: code = Unknown desc = failed to pull and unpack image "782534010321.dkr.ecr.eu-west-2.amazonaws.com/soap:v1.1": failed to resolve reference "782534010321.dkr.ecr.eu-west-2.amazonaws.com/soap:v1.1": pulling from host 782534010321.dkr.ecr.eu-west-2.amazonaws.com failed with status code [manifests v1.1]: 401 Unauthorized
  Warning  Failed             18s (x2 over 31s)  kubelet            Error: ErrImagePull
  Warning  MissingClusterDNS  5s (x6 over 32s)   kubelet            pod: "soap-deployment-5785fdcbb6-psvml_k8ssandra-operator(5f1750ed-8316-48c0-869f-9fa4b0870d22)". kubelet does not have ClusterDNS IP configured and cannot create Pod using "ClusterFirst" policy. Falling back to "Default" policy.
  Normal   BackOff            5s (x3 over 31s)   kubelet            Back-off pulling image "782534010321.dkr.ecr.eu-west-2.amazonaws.com/soap:v1.1"
  Warning  Failed             5s (x3 over 31s)   kubelet            Error: ImagePullBackOff

my .kube/config is as following

apiVersion: v1
clusters:
- cluster:
   server: https://192.168.81.119:16443
   certificate-authority-data: my-ca
  name: kubernetes
contexts:
- context:
   cluster: kubernetes
   user: aws
  name: aws
current-context: aws
kind: Config
preferences: {}
users:
- name: aws
  user:
    exec:
      apiVersion: client.authentication.k8s.io/v1beta1
      command: /home/ubuntu/aws-iam-authenticator
      args:
        - "token"
        - "-i"
        - "aws-cluster-123456"
        - "-r"
        - "<role-arn>"
Topics
Management & GovernanceContainersDevOpsSecurity, Identity, & Compliance
Tags
AWS Command Line InterfaceAmazon Elastic Container ServiceContainersDevOpsIAM Policies
Language
English
rePost-User-1592414
asked a year ago2920 views
1 Answer
0

Check out this post where a user had the same problem and posted the solution https://discuss.kubernetes.io/t/microk8s-ec2-and-ecr/6476

AWS
Pablo Guzman
answered a year ago
  • rePost-User-1592414
    a year ago

    Hi, Thanks for the comment. I have tried the above solution but it is not working. Is there any suggestion? thanks

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content